Platform
wordpress
Component
easy-table-of-contents
Fixed version
2.0.81
CVE-2026-32343 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Magazine3 Easy Table of Contents WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially modifying site content or settings. The vulnerability impacts versions from 0.0.0 through 2.0.80, and a patch is available in version 2.0.81.
A successful CSRF attack could allow an attacker to modify the Easy Table of Contents settings, potentially injecting malicious code or altering the plugin's behavior. This could lead to defacement of the website, unauthorized data modification, or even a pathway for further attacks. The impact is amplified if the plugin is used extensively on the site, as a wider range of actions could be exploited. While CSRF typically requires user interaction (e.g., clicking a malicious link), the potential for automated exploitation through social engineering or phishing campaigns exists.
CVE-2026-32343 was publicly disclosed on 2026-03-13. No known public proof-of-concept exploits have been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score reflects the potential for impact combined with the requirement for user interaction.
Websites using the Easy Table of Contents plugin, particularly those with user accounts and content creation capabilities, are at risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable if they haven't applied the update.
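• wordpress / composer / npm:
# Composer-managed sites: find references to the package
grep -r 'magazine3/easy-table-of-contents' /var/www/html/
# WP-CLI lists plugins by slug, so match the slug rather than the display name
wp plugin list | grep 'easy-table-of-contents'
• generic web:
# -I returns headers only, so fetch the plugin's readme.txt and read its version line instead
curl -s https://example.com/wp-content/plugins/easy-table-of-contents/readme.txt | grep -i 'Stable tag'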
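The checks above only show that the plugin is present. The following added example (not from the original advisory or from the plugin's authors) walks a web root, reads each install's Version header and compares it with the fixed release 2.0.81. It assumes `sort -V` is available and that the plugin's main PHP file carries the standard WordPress `Plugin Name:` / `Version:` header; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit every Easy Table of Contents install under a web root.
FIXED="2.0.81"                      # first fixed version, per the advisory
SLUG="easy-table-of-contents"       # plugin directory name

# Exit 0 when version $1 sorts strictly before version $2.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print the Version: header from the plugin's main file, i.e. the
# top-level PHP file that carries the "Plugin Name:" header.
plugin_version() (
  main=$(grep -l -E '^[[:space:]*#]*Plugin Name:' "$1"/*.php 2>/dev/null | head -n 1)
  [ -n "$main" ] || exit 1
  sed -n -E 's/^[[:space:]*#]*Version:[[:space:]]*([0-9][0-9A-Za-z.-]*).*/\1/p' "$main" |
    head -n 1
)

# Walk the tree under $1 and print one line per install:
#   VULNERABLE <version> <path> | OK <version> <path> | UNKNOWN ? <path>
audit_etoc() {
  find "$1" -type d -path "*/wp-content/plugins/$SLUG" 2>/dev/null | sort |
  while IFS= read -r dir; do
    ver=$(plugin_version "$dir") || ver=""
    if [ -z "$ver" ]; then
      echo "UNKNOWN ? $dir"          # header missing or unreadable: check by hand
    elif version_lt "$ver" "$FIXED"; then
      echo "VULNERABLE $ver $dir"    # within 0.0.0 through 2.0.80
    else
      echo "OK $ver $dir"
    fi
  done
}

# Usage: sh audit.sh /var/www   (script name is a placeholder)
if [ "$#" -gt 0 ]; then audit_etoc "$1"; fi
```

On shared hosting, run it against the directory that holds all customer document roots so every copy of the plugin is reported in one pass.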
Exploitation status
EPSS
0.02% (3rd percentile)
CVSS vector
The primary mitigation is to upgrade the Easy Table of Contents plugin to version 2.0.81 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing a Content Security Policy (CSP) to restrict the sources from which the plugin can load resources. Additionally, implement strict input validation and output encoding to prevent malicious data from being processed. Web Application Firewalls (WAFs) configured with CSRF protection rules can also help mitigate the risk, though this is not a substitute for patching the plugin.
Update to version 2.0.81 or a later fixed version.
CVE-2026-32343 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Easy Table of Contents WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Easy Table of Contents versions 0.0.0 through 2.0.80. Upgrade to 2.0.81 or later to resolve the issue.
Upgrade the Easy Table of Contents plugin to version 2.0.81 or later. Consider implementing CSP and WAF rules as interim measures.
There are currently no reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the Magazine3 website and WordPress plugin repository for the latest advisory and update information.